Alexander Bokovoy 0c67f0e607 ipa-kdb: fix PAC requester check ...

PAC requester check was incorrect for in-realm S4U operations. It casted
too wide check which denied some legitimate requests. Fix that by only
applying rejection to non-S4U unknown SIDs, otherwise S4U2Self request
issued by the in-realm service against a trusted domain's user would not
work.

Related: https://pagure.io/freeipa/issue/9083
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

2022-11-02 11:03:04 +02:00

..

dnssec

dnssec daemons: read the dns context config file for debug state

2022-06-02 11:17:57 +02:00

ipa-kdb

ipa-kdb: fix PAC requester check

2022-11-02 11:03:04 +02:00

ipa-otpd

ipa-otpd: initialize local pointers and handle gcc 10

2022-08-29 17:34:20 +02:00

ipa-sam

ipa-sam: retrieve trusted domain account credential from the TDO itself

2022-04-13 18:37:12 +02:00

ipa-slapi-plugins

extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper() returns object from a wrong domain (performance optimization)

2022-10-04 14:01:56 +02:00

ipa-version.h.in

Build: move version handling from Makefile to configure

2016-11-09 13:08:32 +01:00

Makefile.am

build: Unify compiler warning flags used

2021-01-15 14:11:56 +01:00